xloader_apk | 15974c98339633752c9db78f6ab8b1af95c7de736c9ea48ac5accb91309554e8 | Triage

Sharing

General

Target

15974c98339633752c9db78f6ab8b1af95c7de736c9ea48ac5accb91309554e8.bin
Size

390KB
Sample

240809-18fg3asbrl
MD5

6ed91a21e050e9b716cbfe062f9a291f
SHA1

3b0a0b37bbff7e9b21322f88a863361fa1bc32f3
SHA256

15974c98339633752c9db78f6ab8b1af95c7de736c9ea48ac5accb91309554e8
SHA512

0550ab40c90009cbe3e69f648d3ec37e51e45804c681ff35d43b5de644af4759d2267dd2362f166fb42d9bf6edd72b303f98a177c869cb461f0fed5dca22460e
SSDEEP

12288:4r1sUNpMt8iN+ubg6G9hgQyLDSp4hDygsaimSXVM:43zji8ubDWhgDM4hbTSe

Score

10^/10

xloader_apk android banker collection discovery evasion infostealer persistence stealth trojan

Malware Config

Targets

- Target
  
  15974c98339633752c9db78f6ab8b1af95c7de736c9ea48ac5accb91309554e8.bin
- Size
  
  390KB
- MD5
  
  6ed91a21e050e9b716cbfe062f9a291f
- SHA1
  
  3b0a0b37bbff7e9b21322f88a863361fa1bc32f3
- SHA256
  
  15974c98339633752c9db78f6ab8b1af95c7de736c9ea48ac5accb91309554e8
- SHA512
  
  0550ab40c90009cbe3e69f648d3ec37e51e45804c681ff35d43b5de644af4759d2267dd2362f166fb42d9bf6edd72b303f98a177c869cb461f0fed5dca22460e
- SSDEEP
  
  12288:4r1sUNpMt8iN+ubg6G9hgQyLDSp4hDygsaimSXVM:43zji8ubDWhgDM4hbTSe
Score

10^/10

xloader_apk banker collection discovery evasion infostealer persistence stealth trojan
- XLoader payload
- XLoader, MoqHao
  An Android banker and info stealer.
  trojan infostealer banker xloader_apk
- Checks if the Android device is rooted.
  evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the MMS message.
  collection
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Foreground Persistence

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Protected User Data

SMS Messages

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloader_apkbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

behavioral2

xloader_apkbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

behavioral3